chore(deps): update nuget non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Altinn.ApiClients.Dialogporten	1.76.2 -> 1.86.0
Blazor.Bootstrap (source)	3.3.1 -> 3.4.0
Microsoft.AspNetCore.Authentication.Cookies (source)	2.2.0 -> 2.3.0
Microsoft.AspNetCore.Authentication.JwtBearer (source)	8.0.8 -> 8.0.21
Microsoft.AspNetCore.Authentication.OpenIdConnect (source)	8.0.8 -> 8.0.21
Microsoft.AspNetCore.Cors (source)	2.2.0 -> 2.3.0
Microsoft.AspNetCore.OpenApi (source)	8.0.8 -> 8.0.21
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.0.2 -> 8.14.0
Newtonsoft.Json (source)	13.0.3 -> 13.0.4
ScottBrady.IdentityModel	4.0.0 -> 4.1.0
ScottBrady.IdentityModel.AspNetCore	2.1.0 -> 2.2.0
Swashbuckle.AspNetCore	6.4.0 -> 6.9.0

---

Release Notes

altinn/dialogporten (Altinn.ApiClients.Dialogporten)

v1.86.0

Features

• app: add partyid to authorized parties result (#​2836) (e05cd40)

Miscellaneous Chores

• app: Rename PerformerOrg to CallerOrg and add OwnerOrg to feature metrics (#​2833) (dc549ec)
• app: Update OpenTelemetry configurations and dependencies (#​2838) (80c9dd2)

v1.83.1

Bug Fixes

• janitor: Add claims to ConsoleUser (#​2807) (f342a64)

v1.82.0

Features

• web-api: add-stop-nonadapter-mutation-logic (#​2718) (4b82569)

Bug Fixes

• app: add metrics to freeze dialog command (#​2776) (931670b)
• ci: ensure we checkout the proper ref when publishing nuget package (#​2777) (5f1938e)
• e2e: add missing Content-Type params (#​2778) (86302b3)

Miscellaneous Chores

• deps: update actions/github-script action to v8 (#​2773) (5458285)
• deps: update actions/setup-node action to v5 (#​2774) (4799461)
• deps: update dependency altinn.authorization.abac to 0.1.0 (#​2785) (3fe9708)
• deps: update dependency htmlagilitypack to 1.12.3 (#​2769) (f47496c)
• deps: update dependency microsoft.azure.appconfiguration.aspnetcore to 8.4.0 (#​2786) (779583b)
• deps: update dependency refitter.sourcegenerator to 1.6.3 (#​2784) (52aef78)
• deps: update dependency verify.xunit to 30.13.0 (#​2770) (2bca177)
• deps: update jaegertracing/all-in-one docker tag to v1.73.0 (#​2771) (b75613a)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.135.0 (#​2772) (da93ddf)

v1.79.8

Bug Fixes

• graphql: ContentUpdatedBefore/After missing from search query (#​2690) (5f58832)

Miscellaneous Chores

• deps: update dependency refitter.sourcegenerator to 1.6.2 (#​2684) (8179361)

v1.79.1

Bug Fixes

• api: Validate authorization attribute (#​2645) (22ff75f)

Miscellaneous Chores

• ci: Added explicit permissions to Github workflows (#​2647) (fa6ba60)
• deps: update MassTransit to 8.5.2 (#​2650) (732e8fa)
• webapi: Add Swagger summary for label assignment log endpoint (#​2651) (1f44767)

v1.79.0

Features

• app: Add legacy HTML embeddable content support on transmissions (#​2643) (f103207)

Bug Fixes

• ci: Add missing checkout in 'Restart container apps' GitHub Action (#​2639) (2361d35)
• janitor: Check for duplicates when syncing SubjectResource (#​2585) (fac5e17)

v1.77.0

Features

• webapi: Make Status nullable when creating dialogs (#​2623) (24de98c)

Bug Fixes

• webapi: Use correct URL for create dialog validators in docs (#​2624) (abd4484)

Miscellaneous Chores

• deps: update docker/metadata-action action to v5.8.0 (#​2615) (2072bce)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.131.1 (#​2616) (fdcd46a)

vikramlearning/blazorbootstrap (Blazor.Bootstrap)

v3.4.0: 3.4.0

✨ New Features & Enhancements

• Grid: Added support for showing/hiding or adding/removing GridColumn at runtime (#​1027, #​1060)
• Grid: Conditional rendering of GridColumn improvements (#​310)
• Grid: Footer support and ability to add grid footers (#​472, #​921)
• Grid: Column width example added (#​1099)
• Grid: Grid summary and culture updates (#​1071, #​1072, #​1075)
• Grid: Enum filters support (#​1073)
• Grid: FilterTextboxWidth can now use any unit, not just px (#​879, #​1058)
• Grid: Improved pagination, item selection, and items-per-page handling on small screens (#​1019, #​1123)
• Tabs: Setting Tab Class or Style is now functional (#​1035, #​1028)
• Tabs: Removing a Tab now makes the nearest one show (#​1033, #​1029)
• Sidebar: Image display support on sidebar/sidebar2 (#​812, #​1128)
• Icons: Updates and fixes in BootstrapIconUtility (#​1086)
• Demos: Home page improvements (#​1096)
• General: Ability to modify column visibility using IsVisible parameter (#​1060)

🐞 Bug Fixes

• Grid: Responsive="true" was not responsive when Enum Filters enabled (#​1028, #​1124)
• Grid: Removing last item from last page did not navigate to new last page (#​689, #​1059)
• Grid: Conditional rendering of GridColumn issues (#​310)
• Grid: Issue with grid summary updates (#​1072)
• Grid: Items selection, pagination, and display issues on small screens (#​1019, #​1123)
• Grid: How to set Grid page number when current page is empty (#​443)
• Grid: FilterTextboxWidth now consistently applies units (#​879, #​1058)
• Tabs: Setting Tab Class/Style issues fixed (#​1035, #​1028)
• Tabs: Removing a Tab now correctly shows the nearest tab (#​1033, #​1029)

⬆️ Upgrades

• Upgraded to Bootstrap v5.3.7 (#​1118, #​1120)
• Upgraded to Bootstrap Icons v1.13.1 (#​1119, #​1121)

🧩 Other Notable Improvements

• Improved documentation and demo coverage.
• Sidebar image support (area-sidebar, area-sidebar-2).
• Numerous merged PRs and community contributions for feature completion and bug fixes.

New Contributors

• @​rajraku made their first contribution in #​1058
• @​cpettit-proxsysrx made their first contribution in #​1102
• @​shargon made their first contribution in #​1111

Special thanks to all contributors for their efforts and dedication to making BlazorBootstrap more robust and feature-rich!

Full Changelog: vikramlearning/blazorbootstrap@v3.3.1...v3.4.0

dotnet/aspnetcore (Microsoft.AspNetCore.Authentication.JwtBearer)

v8.0.21: .NET 8.0.21

Release

What's Changed

• Update branding to 8.0.21 by @​vseanreesermsft in #​63509
• [release/8.0] (deps): Bump src/submodules/googletest from 373af2e to eb2d85e by @​dependabot[bot] in #​63500
• [release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @​github-actions[bot] in #​63250
• [release/8.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @​github-actions[bot] in #​63466
• [release/8.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @​github-actions[bot] in #​63534
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro[bot] in #​63261
• [release/8.0] Use wait assert in flaky tests by @​ilonatommy in #​63565
• [release/8.0] Update Microsoft.Build versions by @​github-actions[bot] in #​62507
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​63603
• backport(8.0): Fix runtime architecture detection logic in ANCM by @​DeagleGross in #​63706

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

v8.0.20: .NET 8.0.20

Release

What's Changed

• Update branding to 8.0.20 by @​vseanreesermsft in #​63106
• [release/8.0] (deps): Bump src/submodules/googletest from c67de11 to 373af2e by @​dependabot[bot] in #​63038
• [release/8.0] Dispose the certificate chain elements with the chain by @​MackinnonBuck in #​62994
• [release/8.0] Update SignalR Redis tests to use internal Docker Hub mirror by @​github-actions[bot] in #​63117
• [release/8.0] [SignalR] Don't throw for message headers in Java client by @​github-actions[bot] in #​62784
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​63152
• [release/8.0] Update dependencies from dotnet/extensions by @​dotnet-maestro[bot] in #​63188
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in #​63189

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

v8.0.19

v8.0.18: .NET 8.0.18

Release

What's Changed

• Update branding to 8.0.18 by @​vseanreesermsft in #​62241
• [release/8.0] Update Alpine helix references by @​github-actions in #​62243
• [release/8.0] (deps): Bump src/submodules/googletest from 04ee1b4 to e9092b1 by @​dependabot in #​62201
• [8.0] Delete src/arcade directory by @​akoeplinger in #​61994
• [Backport 8.0] [IIS] Manually parse exe bitness (#​61894) by @​BrennanConroy in #​62037
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in #​62006
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​61944
• [release/8.0] Associate tagged keys with entries so replacements are not evicted by @​github-actions in #​62247
• [release/8.0] Block test that is failing after switching to latest-chrome by @​github-actions in #​62284
• backport(net8.0): http.sys on-demand TLS client hello retrieval by @​DeagleGross in #​62290
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​62302

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

v8.0.17

Bug Fixes

• Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
  The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

• Update dependencies from dotnet/arcade (#​61832)
  This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

• Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
  The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

• Update branding to 8.0.17 (#​61830)
  The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

• Merging internal commits for release/8.0 (#​61924)
  This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.

---

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

v8.0.16: .NET 8.0.16

Release

What's Changed

• Update branding to 8.0.16 by @​vseanreesermsft in #​61283
• [release/8.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 by @​dependabot in #​61260
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in #​61281
• [release/8.0] Upgrade to Ubuntu 22 by @​wtgodbe in #​61216
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​60901
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in #​60926
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​61404
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​61398
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​61411
• Revert "Revert "[release/8.0] Update remnants of azureedge.net"" by @​wtgodbe in #​60352
• [release/8.0] Fix preserving messages for stateful reconnect with backplane by @​BrennanConroy in #​61375
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in #​61442
• fetch TLS client hello message from HTTP.SYS by @​BrennanConroy in #​61494

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

v8.0.15: .NET 8.0.15

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​60355
• Update branding to 8.0.15 by @​vseanreesermsft in #​60784
• Add partitioned to cookie for SignalR browser testing by @​BrennanConroy in #​60728
• [release/8.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 by @​dependabot in #​60677
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​60879

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

v8.0.14: .NET 8.0.14

Release

What's Changed

• Update branding to 8.0.14 by @​vseanreesermsft in #​60197
• [release/8.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 by @​dependabot in #​60150
• [release/8.0] Fix java discovery in IdentityModel pipeline by @​wtgodbe in #​60075
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in #​60199
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in #​59922
• [release/8.0] Readd DiagnosticSource to KestrelServerImpl by @​github-actions in #​60203
• [release/8.0] Update to MacOS 15 in Helix by @​github-actions in #​60239
• [release/8.0] Use the latest available JDK by @​wtgodbe in #​60233
• [release/8.0] Fix skip condition for java tests by @​github-actions in #​60243
• [release/8.0] Update list of helix queues to skip by @​wtgodbe in #​60231
• [release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification by @​github-actions in #​57288
• [release/8.0] Update remnants of azureedge.net by @​sebastienros in #​60264
• [release/8.0] Centralize on one docker container by @​wtgodbe in #​60299
• Revert "[release/8.0] Update remnants of azureedge.net" by @​wtgodbe in #​60324
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​60316

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

v8.0.13: .NET 8.0.13

Release

What's Changed

• [release/8.0] Update dotnetbuilds CDN to new endpoint by @​mmitche in #​59575
• Update branding to 8.0.13 by @​vseanreesermsft in #​59756
• [release/8.0] Skip MVC template tests on HelixQueueArmDebian12 by @​wtgodbe in #​59295
• [release/8.0] Update OSX helix queue by @​github-actions in #​59742
• [release/8.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 by @​dependabot in #​59678
• [release/8.0] Skip tests on internal queues too by @​github-actions in #​59579
• [release/8.0] Fix Kestrel host header mismatch handling when port in Url by @​BrennanConroy in #​59403
• Migrate off of Debian 11 by @​v-firzha in #​59584
• [release/8.0] Pin to S.T.J 8.0.5 in Analyzers by @​wtgodbe in #​59777
• [release/8.0] [Blazor WASM standalone] Avoid caching index.html during development by @​github-actions in #​59349
• Update to Fedora 41 by @​BrennanConroy in #​59817
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in #​59811
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in #​59825
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​59864
• [release/8.0] Fix/update docker tags by @​wtgodbe in #​59867
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​59872

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

v8.0.12: .NET 8.0.12

Release

What's Changed

• Update branding to 8.0.12 by @​vseanreesermsft in #​58800
• [release/8.0] (deps): Bump src/submodules/googletest from 6dae7eb to 1204d63 by @​dependabot in #​58741
• Add scope for internal npm packages by @​BrennanConroy in #​58512
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in #​58477
• [release/8.0] Upgrade serialize-javascript transient dependency by @​MackinnonBuck in #​58466
• [release/8.0] Update Messagepack dependency by @​wtgodbe in #​58676
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​58898
• [release/8.0] Use MacOS-13 in CI by @​wtgodbe in #​58549
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​59065
• [release/8.0] Fix java discovery in helix-matrix by @​wtgodbe in #​59181
• [release/8.0] Update dependencies from dotnet/roslyn by @​wtgodbe in #​59184
• [release/8.0] (deps): Bump src/submodules/googletest from 1204d63 to d144031 by @​dependabot in #​59033

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

v8.0.11: .NET 8.0.11

Release

What's Changed

• Update branding to 8.0.11 by @​vseanreesermsft in #​58198
• [release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb by @​dependabot in #​58180
• [release/8.0] Add explicit conversion for value-type returning handlers with filters by @​captainsafia in #​57966
• [release/8.0] Stop using Mac 11 in Helix by @​wtgodbe in #​58063
• [release/8.0] Enable TSA/Policheck by @​github-actions in #​58124
• [release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @​dependabot in #​58179
• [Backport] Http.Sys: Clean up Request parsing errors by @​BrennanConroy in #​57819
• [release/8.0] Update the Microsoft.Identity.Web versions used by project templates by @​halter73 in #​58229
• Add registry search for upgrade policy keys, update dependencies from Arcade by @​dotnet-maestro in #​58278
• Merging internal commits for release/8.0 by @​vseanreesermsft in #​58300
• [release/8.0] Remove ProviderKey from Hosting Bundle by @​github-actions in #​58294
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in #​58352
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​58347
• [release/8.0] Improve dev-certs export error message by @​amcasey in #​58470
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in #​58474

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

v8.0.10: .NET 8.0.10

Release

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect)

v8.14.0

Compare Source

====

Bug Fixes

• Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

v8.13.1

Compare Source

====

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

• Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

v8.13.0

Compare Source

====

Fundamentals

• CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
• Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
• Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

v8.12.1

Compare Source

====

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
• To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
• Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

v8.12.0

Compare Source

====

New Features

• Enhance ConfigurationManager with event handling
  Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

• Add expected Base64UrlEncoder.Decode overload for NET6 and 8
  Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
  For details see #​3249

Fundamentals

• Add AI assist rules
  Incorporated AI assist rules to enhance AI agents effectiveness.
  For details see #​3255
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
  For details see #​3256
• Move suppression of RS006 to csproj
  Centralized suppression of RS006 warnings in project files for easier management.
  For details see #​3230

v8.11.0

Compare Source

=====

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

v8.10.0

Compare Source

=====

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220 to avoid build warnings with the other target frameworks
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

v8.9.0

Compare Source

=====

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See #​3213.
• Fixed a null reference issue in KeyInfo. See (#​3203)[#​3203].

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See #​2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See [#​3205](https://redirect.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/48cdc0ca10e81cf9d6d7071801112d63189a44

---

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.